digital forensics Flashcards
(7 cards)
Glossary
PLC
- programmable logic controller
HMI
- human machine interface
ICS
- industrial control system
MD5
- message digest algorithm 5, 128-bit (16-byte) output
SHA1
- secure hash algorithm 1, 160-bit (20-byte) output
CRC
- cyclic redundancy check
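The three checksum/hash entries above, shown in code as an added example (not part of the original flashcards): the digest sizes of MD5, SHA-1 and CRC-32, and why a CRC belongs to the "redundancy check" family rather than the integrity-hash family. CRC-32 is linear, so anyone who can append four bytes to data can make its CRC equal any value they choose; the forging routine below uses the standard zlib polynomial, and the evidence bytes are constructed for the demonstration.

```python
"""Digest sizes and the CRC-32 forgery that makes a CRC useless as tamper evidence."""
import hashlib
import zlib

# Constructed sample evidence content for the demonstration, not real case data.
EVIDENCE = b"PLC ladder logic export v3\nHMI setpoint: 72.5\n"

CRC_POLY = 0xEDB88320  # reflected IEEE CRC-32 polynomial used by zlib.crc32


def digest_sizes(data: bytes) -> dict:
    """Output length in bytes for each algorithm named in the glossary."""
    return {
        "MD5": len(hashlib.md5(data).digest()),             # 16 bytes (128 bits)
        "SHA1": len(hashlib.sha1(data).digest()),           # 20 bytes (160 bits)
        "CRC32": len(zlib.crc32(data).to_bytes(4, "big")),  # 4 bytes (32 bits)
    }


def _crc_table() -> list:
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ CRC_POLY if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = _crc_table()
# The top byte of every table entry is distinct, so the table can be inverted on it.
_REVERSE = {entry >> 24: i for i, entry in enumerate(_TABLE)}


def crc32_forge_suffix(data: bytes, target: int) -> bytes:
    """Return 4 bytes s such that zlib.crc32(data + s) == target.

    zlib keeps an internal register initialised to 0xFFFFFFFF and returns it
    XORed with 0xFFFFFFFF; each byte updates it as reg = (reg >> 8) ^ T[(reg ^ b) & 0xFF].
    Because that update is linear, the four table indices needed to land on the
    target register can be read off backwards one byte at a time.
    """
    reg = target ^ 0xFFFFFFFF
    indices = []
    for _ in range(4):
        idx = _REVERSE[reg >> 24]
        indices.append(idx)
        reg = ((reg ^ _TABLE[idx]) << 8) & 0xFFFFFFFF
    indices.reverse()
    # Replay forwards from the register state after `data` to pick the bytes.
    reg = zlib.crc32(data) ^ 0xFFFFFFFF
    suffix = bytearray()
    for idx in indices:
        suffix.append((reg ^ idx) & 0xFF)
        reg = (reg >> 8) ^ _TABLE[idx]
    return bytes(suffix)


def tamper_detected(original: bytes, modified: bytes, algorithm: str) -> bool:
    """True if the named check distinguishes `modified` from `original`."""
    if algorithm.upper() == "CRC32":
        return zlib.crc32(original) != zlib.crc32(modified)
    return (hashlib.new(algorithm.lower(), original).digest()
            != hashlib.new(algorithm.lower(), modified).digest())


def forged_crc_matches(original: bytes, tampered: bytes) -> tuple:
    """Append a forged suffix to `tampered` so its CRC-32 equals the CRC-32 of
    `original`, then report whether CRC-32 and SHA-1 still notice the change.
    Returns (forged_bytes, crc_detects_change, sha1_detects_change)."""
    forged = tampered + crc32_forge_suffix(tampered, zlib.crc32(original))
    return (forged,
            tamper_detected(original, forged, "CRC32"),
            tamper_detected(original, forged, "sha1"))


if __name__ == "__main__":
    print(digest_sizes(EVIDENCE))
    forged, crc_sees_it, sha_sees_it = forged_crc_matches(
        EVIDENCE, EVIDENCE.replace(b"72.5", b"99.9"))
    print("CRC-32 detects the edit:", crc_sees_it, "| SHA-1 detects it:", sha_sees_it)
```

The lesson for an evidence file: a CRC catches accidental bit errors on a cable or tape, but a forged CRC costs four bytes of effort, so acquisition records must carry cryptographic hashes (MD5 and SHA-1 are what this page lists).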
Non-Social Engineering Attacks
Denial of Service (DoS attacks)
Man in the Middle (MITM attacks)
Ransomware
SQL injection
Session hijacking
Brute force attacks
Malware attacks
Social Engineering = “Hacking the human”
Non-Social = “Hacking the machine/system”
Digital forensics
Digital forensics is the identification, collection, preservation, and analysis of digital artefacts.
The analyst must:
- collect evidence to support criminal investigations
- preserve the integrity of the information
- analyse evidence to support or refute events
Chain of Custody
A documented record of where evidence has travelled and which personnel handled it, with the time of every hand-over
Prevents substitution, tampering, damage, alteration, contamination, misplacement or falsification of evidence
Maintains the credibility of evidence: a gap in the chain lets the other side argue the evidence could have been altered
Key forensic stages
Identify resources – desktops, laptops, personal devices, external storage media
Preservation of data – acquire a forensic image (bit-for-bit copy) and hash it; analysis is done on the copy and the hash proves integrity
Analysis of data – reverse steganography, data carving
Documentation – chronological reconstruction of evidence
Presentation – of evidence to support judicial process
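The preservation stage and the chain-of-custody card above, as an added example (not part of the original flashcards): a forensic image is copied block by block while MD5 and SHA-1 are computed over the same bytes, the hashes go into the acquisition record, and every later hand-over re-verifies them. The "device" is a constructed byte string; a real acquisition would read the source through a write blocker, which this example cannot show.

```python
"""Forensic image acquisition with integrity hashes and a chain-of-custody log."""
import datetime
import hashlib
import io

BLOCK_SIZE = 4096  # read size for the demo; imagers use the device's sector size

# Constructed stand-in for a seized storage device: deterministic bytes, not real data.
DEVICE_IMAGE = bytes((i * 7 + 3) % 256 for i in range(3 * BLOCK_SIZE + 123))


class _Discard:
    """Sink that throws data away, used when only the hashes are wanted."""
    def write(self, data):
        return len(data)


def acquire_image(source, sink) -> dict:
    """Bit-for-bit copy of `source` into `sink`, hashing every block as it is read.

    Hashing during acquisition (rather than re-reading afterwards) means the
    recorded hashes describe exactly the bytes that were copied, including the
    final partial block.
    """
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    size = 0
    while True:
        block = source.read(BLOCK_SIZE)
        if not block:
            break
        sink.write(block)
        md5.update(block)
        sha1.update(block)
        size += len(block)
    return {"bytes": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def acquire_from_bytes(data: bytes) -> tuple:
    """Image an in-memory 'device'; returns (acquisition_record, image_bytes)."""
    sink = io.BytesIO()
    record = acquire_image(io.BytesIO(data), sink)
    return record, sink.getvalue()


def verify_bytes(image: bytes, record: dict) -> bool:
    """Recompute size and both hashes over the image and compare with the record.
    Two independent hashes mean a collision in one algorithm is not enough to
    swap the evidence unnoticed."""
    return acquire_image(io.BytesIO(image), _Discard()) == record


def custody_entry(action: str, handler: str, location: str, record: dict, note: str = "") -> dict:
    """One line of the chain-of-custody log: who, when (UTC), where, and the
    hashes the handler verified at that moment."""
    now = datetime.datetime.now(datetime.timezone.utc).isoformat(timespec="seconds")
    return {"time_utc": now, "action": action, "handler": handler,
            "location": location, "md5": record["md5"], "sha1": record["sha1"],
            "note": note}


def custody_unbroken(log: list) -> bool:
    """The chain holds only if every entry carries the hashes recorded at
    acquisition (the first entry); any mismatch is a documented break."""
    if not log:
        return False
    first = log[0]
    return all(e["md5"] == first["md5"] and e["sha1"] == first["sha1"] for e in log)


if __name__ == "__main__":
    record, image = acquire_from_bytes(DEVICE_IMAGE)
    log = [custody_entry("acquired", "examiner A", "on-site", record, "write blocker in line"),
           custody_entry("transferred", "custodian B", "evidence locker", record)]
    print(record)
    print("image verifies:", verify_bytes(image, record), "| chain intact:", custody_unbroken(log))
    flipped = image[:5000] + bytes([image[5000] ^ 0x01]) + image[5001:]
    print("one flipped bit still verifies:", verify_bytes(flipped, record))
```

Note that the verification compares the recorded byte count as well as the hashes: a truncated image whose hash was recomputed afterwards would otherwise look consistent with itself.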
Visual Inspection
Note any removable media and foreign objects
Note any physical damage to equipment
- Indications of tampering/manipulation of equipment
Take photographs (document, document, document!)
Order of Volatility (collect the most volatile first)
CPU, cache, and register contents
Routing table, ARP cache, process table, kernel statistics, network connections
Memory
Virtualized systems
Temporary file system/swap space
System & security device logs
Hard disk data (Post)
Remotely logged data
Physical media (CDs, Back-up tapes, etc)
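A live-response collector that works through the list above in order, as an added example (not from the original flashcards): each artefact is acquired with a fixed command, timestamped and hashed immediately, because volatile state cannot be re-read later to check it. The Linux commands in LIVE_PLAN are illustrative choices; register contents and a full memory image need a dedicated imaging tool and are not shown. DEMO_PLAN is constructed so the collector can be exercised offline, including the case where a tool is missing on the host.

```python
"""Live-response collection in order of volatility, with per-artefact hashes."""
import datetime
import hashlib
import json
import pathlib
import shutil
import subprocess
import sys

# Collection plan, most volatile first. Commands are Linux live-response examples
# chosen for this illustration; adapt them to the platform being examined.
LIVE_PLAN = [
    ("network connections", ["ss", "-tunap"]),
    ("ARP cache", ["ip", "neigh"]),
    ("routing table", ["ip", "route"]),
    ("process table", ["ps", "-eo", "pid,ppid,user,lstart,cmd"]),
    ("kernel statistics", ["cat", "/proc/meminfo"]),
    ("temporary files", ["ls", "-la", "/tmp"]),
]

# Constructed plan used to exercise the collector offline (not real tooling).
DEMO_PLAN = [
    ("process table (constructed)",
     [sys.executable, "-c", "import sys; sys.stdout.buffer.write(b'constructed output')"]),
    ("memory image (tool absent)", ["no-such-memory-imager", "--dump"]),
]


def collect(plan, timeout: int = 30, outdir=None) -> list:
    """Run each collector in plan order, never reordering, and record for every
    artefact: rank, UTC start time, the exact command, output size, SHA-1 of the
    output and a status. Output is optionally written to `outdir`, which must
    be removable media or a network share, never the disk under examination."""
    records = []
    if outdir is not None:
        pathlib.Path(outdir).mkdir(parents=True, exist_ok=True)
    for rank, (artefact, cmd) in enumerate(plan, start=1):
        started = datetime.datetime.now(datetime.timezone.utc).isoformat(timespec="seconds")
        output = b""
        if shutil.which(cmd[0]) is None:
            status = "tool not found"   # record the gap rather than silently skipping
        else:
            try:
                proc = subprocess.run(cmd, capture_output=True, timeout=timeout)
                output = proc.stdout
                status = "ok" if proc.returncode == 0 else f"exit {proc.returncode}"
            except subprocess.TimeoutExpired:
                status = "timeout"
        if outdir is not None:
            pathlib.Path(outdir, f"{rank:02d}.bin").write_bytes(output)
        records.append({
            "rank": rank,
            "artefact": artefact,
            "started_utc": started,
            "command": " ".join(cmd),
            "bytes": len(output),
            "sha1": hashlib.sha1(output).hexdigest(),
            "status": status,
        })
    return records


if __name__ == "__main__":
    plan = LIVE_PLAN if len(sys.argv) > 1 and sys.argv[1] == "--live" else DEMO_PLAN
    print(json.dumps(collect(plan), indent=2))
```

The returned list doubles as the collection manifest: the rank column proves the order in which artefacts were taken, and the hash of each output is what a later reviewer compares against the saved files.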